[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: bug#39766: Security-Problems, probably known
|
From: |
Antonio Trande |
|
Subject: |
Re: bug#39766: Security-Problems, probably known |
|
Date: |
Tue, 10 Mar 2020 18:37:27 +0100 |
|
User-agent: |
Mozilla/5.0 (X11; Linux x86_64; rv:68.0) Gecko/20100101 Thunderbird/68.5.0 |
@Mark,
do you why the binary releases are not spread?
On 10/03/20 18:31, address@hidden wrote:
> Current binary release is 60.7.0 which is vulnerable and that is the
> problem, see: https://ftp.gnu.org/gnu/gnuzilla/?C=M;O=D
>
> On 3/10/20 6:24 PM, Antonio Trande wrote:
>> These issues have been fixed with Firefox ESR 68.4.1; current IceCat
>> release on 68 branch is the 68.6.0. So, what's the problem?
>>
>> On 10/03/20 10:29, address@hidden wrote:
>>> Hello,
>>>
>>> It seems no one has replied to this. I think IceCat should no longer be
>>> recommended to users until this issue is resolved especially since
>>> IceCat is advertised as a browser with "Privacy protection features".
>>> Suffice to say such protection features are no good if the browser
>>> itself is vulnerable to the types of vulnerabilities as eluded to before.
>>>
>>> I understand that there aren't sufficient developers to maintain IceCat
>>> but that does not mean the GNU website should offer the browser without
>>> at least clearly addressing it's potential vulnerabilities on the
>>> appropriate webpages.
>>>
>>> As of now, users might download, install and subsequently use IceCat
>>> with the understanding that they have downloaded a browser with enhanced
>>> privacy protection features while not being aware that it is potentially
>>> susceptible to recently discovered vulnerabilities.
>>>
>>> This is precisely the sort of situation that free software, and free and
>>> open information should prevent.
>>>
>>> I hope we can resolve this quickly.
>>>
>>> Kind regards,
>>> Corne
>>>
>>> On 2/24/20 7:05 PM, address@hidden wrote:
>>>> Hello,
>>>>
>>>> I was also really wondering about this as the current version of IceCat
>>>> is a version of Firefox that was affected.
>>>>
>>>> On 24-02-2020 12:09, Arne Wichmann wrote:
>>>>> Good day tou you!
>>>>>
>>>>> I see here some security problems referenced for Firefox, which are
>>>>> probably applicable to Icecat, too:
>>>>>
>>>>> CVE-2019-17026 - IonMonkey type confusion with StoreElementHole and
>>>>> FallibleStoreElement
>>>>> CVE-2019-17017 - Type Confusion in XPCVariant.cpp
>>>>>
>>>>> More less critical ones are referenced, too.
>>>>>
>>>>> Are there plans to adress these?
>>>>>
>>>>> cu
>>>>>
>>>>> AW
>>>>>
>>
>>
--
---
Antonio Trande
Fedora Project
mailto 'sagitter at fedoraproject dot org'
GPG key: 0x7B30EE04E576AA84
GPG key server: https://keys.openpgp.org/
signature.asc
Description: OpenPGP digital signature
- Re: bug#39766: Security-Problems, probably known, address@hidden, 2020/03/10
- Re: bug#39766: Security-Problems, probably known, Antonio Trande, 2020/03/10
- Re: bug#39766: Security-Problems, probably known, address@hidden, 2020/03/10
- Re: bug#39766: Security-Problems, probably known,
Antonio Trande <=
- Re: bug#39766: Security-Problems, probably known, Gary Driggs, 2020/03/10
- Re: bug#39766: Security-Problems, probably known, address@hidden, 2020/03/11
- Re: bug#39766: Security-Problems, probably known, Haniho Dude, 2020/03/11
Success report (was Re: bug#39766: Security-Problems, probably known), Arne Wichmann, 2020/03/11